
MedData Report Offers New Healthcare Cybersecurity Insight

A new healthcare cybersecurity report has been released by the MedData Group, detailing the results of a new survey of 272 U.S. healthcare professionals.

New Insights into the State of Healthcare Cybersecurity

The report – Physician and Hospital Professionals’ Perspectives on Cybersecurity in the Workplace – analyzes the results of a survey conducted in June of this year and provides insight into current trends in healthcare cybersecurity. The report also highlights some of the major concerns medical professionals have about data security.

The survey asked physicians, hospital administrators and health IT professionals for their opinions on a wide range of cybersecurity issues.

With the increased risk of suffering data breaches, HIPAA-covered entities (CEs) have been given little choice but to implement a number of new security controls to repel hackers, monitor networks and prevent malware from being installed. However, physicians are not too confident in their organizations’ ability to prevent breaches.

Physicians Lack Faith in Cybersecurity Defenses

In spite of the introduction of new security measures, many healthcare professionals feel that their organization has still not done enough to safeguard the Protected Health Information (PHI) of patients. Over a fifth of physicians (21%) rated their cybersecurity defenses as below average, with 38% rating them as only “adequate”.

Hospital administrators and health IT professionals had much more faith in the systems they put in place to prevent cybercrime. Only 8% rated their organization as being below average, and 46% said their cybersecurity defenses were above average or excellent. The figures show that confidence in a healthcare provider’s ability to repel a cyber-attack was three times higher with hospital employees than with physicians.

There was also a marked difference between how individuals rated defenses at different-sized healthcare providers. Small organizations – those with fewer than 15 employees – were twice as likely as large healthcare providers to be rated by physicians as having below average defenses. Ever since the introduction of the HIPAA Security and Privacy Rules, smaller healthcare providers have struggled to achieve compliance and this appears to still be the case.

Perceived Risk of Suffering a Data Breach

There were interesting differences in the perceived level of risk posed by different information assets. Health IT professionals and hospital administrators rated email and internal messaging systems as the most risky. Physicians disagreed. They rated EHRs as having the highest data breach risk. Nearly three quarters of HIT professionals and hospital administrators rated email/messaging systems as the riskiest. EHRs were rated as the riskiest by 51% of physicians.

46% rated mobile communication devices as carrying the most risk of causing a data breach, indicating that many healthcare organizations have yet to implement a secure messaging system on hospital mobiles and BYOD units. Patient portals were rated as being particularly risky by 31% of respondents.

Top Cybersecurity Threats Rated

There may have been differences of opinion in many areas of cybersecurity, but when it comes to the biggest threats to data security, HIT professionals and physicians are in agreement. The biggest two threats are malicious outsiders and malware, which were rated as the top risks by 68% and 65% of respondents respectively. Application system/network failures were rated as one of the biggest threats by 40% of respondents.

Factors Driving Data Security Improvements

The main driving force behind cybersecurity improvements is the need to comply with industry regulations and meet the minimum standards defined by HIPAA, according to survey respondents. However, other driving factors were suggested, which included being able to respond to new emerging security threats (44%), ensuring a fast breach response (36%) and lowering operational costs and improving efficiency (26%).

Author: Steve Alder is the editor-in-chief of HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered on HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has several years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics.